<?php
//Start session
session_start();

//Include database connection details
require_once ('config.php');

//Array to store validation errors
$errmsg_arr = array ();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if (!$db) {
	die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @ trim($str);
	if (get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$userid = clean($_POST['userid']);
$password = clean($_POST['password']);

//Input Validations
if ($userid == '') {
	$errmsg_arr[] = 'Login ID missing';
	$errflag = true;
}
if ($password == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if ($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: index.php");
	exit ();
}

//Create query
$qry = "SELECT * FROM member_details WHERE userid='$userid' and password='$password'";

$result = mysql_query($qry);

//Check whether the query was successful or not
if ($result) {

	//Login Successful
	session_regenerate_id();
	$member = mysql_fetch_assoc($result);
	$_SESSION['SESS_MEMBER_ID'] = $member['userid'];
	$_SESSION['SESS_FIRST_NAME'] = $member['fname'];
	$_SESSION['SESS_LAST_NAME'] = $member['lname'];
	session_write_close();
	header("location: member-index.php");
	exit ();

} else {
	//Login failed
	header("location: login-failed.php");
	exit ();
}

/*        else {
    die("Query failed");
  }
*/
?>
